To generate random numbers, Linux provides two devices, /dev/random and /dev/urandom. /dev/random depends on the entropy pool (created by system activity and environmental noise from device drivers). If there isn't sufficient entropy, /dev/random tends to block, which is where the problem lies.
/dev/urandom generates random numbers algorithmically, and since it depends on an algorithm rather than on external factors, it is non-blocking.
Since SSL communication requires generation of random numbers, we might run into issues while using /dev/random.
Some issues that I have encountered are:
Connecting to WebLogic Server over SSL using WLST.
If there is not enough entropy, the request blocks when we are using /dev/random.
To overcome this issue, we need to switch to /dev/urandom and use the following command line:
java -Dweblogic.security.TrustKeyStore=DemoTrust -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.enforceConstraints=off -Djava.security.egd=file:///dev/urandom weblogic.WLST
Servers taking a lot of time to start.
Take a thread dump; if you see the following stack trace, switch to /dev/urandom.
^-- Holding lock: com/bea/security/utils/random/SecureRandomData@0xb1f8718[recursive]
at com/bea/security/utils/random/AbstractRandomData.getRandomBytes(AbstractRandomData.java:97)
^-- Holding lock: com/bea/security/utils/random/SecureRandomData@0xb1f8718[biased lock]
at com/bea/security/utils/random/AbstractRandomData.getRandomBytes(AbstractRandomData.java:92)
at weblogic/security/Salt.getRandomBytes(Salt.java:18)
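One way to automate the thread-dump check described above, as an added example that is not part of the original post or of WebLogic: it scans a dump for the getRandomBytes frames shown in the post and reports which threads contain them and which locks those threads hold. The function name, the thread headers and the second thread in the sample dump are assumptions made for illustration.

```python
import re

# Frames taken from the stack trace in the post. JRockit prints class names
# with '/', HotSpot with '.', so frames are compared with '/' turned into '.'.
SEED_FRAMES = {
    "com.bea.security.utils.random.AbstractRandomData.getRandomBytes",
    "weblogic.security.Salt.getRandomBytes",
}
LOCK_RE = re.compile(r"Holding lock:\s*([^\[\s]+)")

def threads_in_random_seeding(dump_text):
    """Map thread name -> {'frames': [...], 'locks': [...]} for every thread
    whose stack contains one of SEED_FRAMES."""
    threads, current = {}, None
    for line in dump_text.splitlines():
        text = line.strip()
        if text.startswith('"'):                  # thread header line
            name = re.match(r'"(.*?)"', text)
            key = name.group(1) if name else text
            current = threads.setdefault(key, {"frames": [], "locks": []})
        elif current is None:
            continue                              # preamble before first thread
        elif text.startswith("at "):
            frame = text[3:].split("(", 1)[0].replace("/", ".")
            if frame in SEED_FRAMES:
                current["frames"].append(text[3:])
        else:
            lock = LOCK_RE.search(text)
            if lock and lock.group(1) not in current["locks"]:
                current["locks"].append(lock.group(1))
    return {n: t for n, t in threads.items() if t["frames"]}

# Constructed sample: the frames and lock lines are the ones in the post; the
# thread headers and the second thread are made up for illustration.
SAMPLE_DUMP = '''\
"Main Thread" id=1 prio=5 alive
    ^-- Holding lock: com/bea/security/utils/random/SecureRandomData@0xb1f8718[recursive]
    at com/bea/security/utils/random/AbstractRandomData.getRandomBytes(AbstractRandomData.java:97)
    ^-- Holding lock: com/bea/security/utils/random/SecureRandomData@0xb1f8718[biased lock]
    at com/bea/security/utils/random/AbstractRandomData.getRandomBytes(AbstractRandomData.java:92)
    at weblogic/security/Salt.getRandomBytes(Salt.java:18)

"Timer-1" id=12 prio=5 alive, waiting
    at java/lang/Object.wait(Native Method)
'''

if __name__ == "__main__":
    for name, info in threads_in_random_seeding(SAMPLE_DUMP).items():
        print(f"{name}: {len(info['frames'])} seed frame(s), locks held: {info['locks']}")
```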
References:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6366924
http://lwn.net/Articles/185260/
http://linux.about.com/library/cmd/blcmdl4_urandom.htm
Thanks
Faisal Khan

July 30th, 2010 on 4:45 pm
Hi Faisal,
On low-entropy systems, you can indeed use a non-blocking random number generator, providing your site can tolerate lessened security.
However, note that this workaround should not be used in production environments because it uses pseudo-random numbers instead of genuine random numbers.
Regards,
Sudeep
July 30th, 2010 on 4:59 pm
Hi Sudeep,
You have provided really very interesting and useful information on non-blocking random number generation. Thanks for sharing it with us.
Keep Posting
Thanks
Jay SenSharma